Safe Harbour flounders on judicial rocks

The Safe Harbour agreement, which lets American companies use a single standard for consumer privacy and data storage in both the US and Europe, has been ruled invalid. The agreement, which would have provided clarity and certainty over complex sovereignty issues of data stored in the cloud, seems to have floundered as a result of the whistleblowing activities of Edward Snowden.

Information leaked by Snowden showed data of non-US citizens stored in Europe by US companies was not safe from US government surveillance activity, even though such practice is illegal in Europe. Unfortunately, there is little doubt that this is going to reinforce one of the barriers that has prevented some companies from obtaining the full benefits of public cloud services.

The WWW, borders and laws brought into conflict

In many ways the rejection of Safe Harbour under EU judicial scrutiny has some resonances with the affinity for tax avoidance that global internet giants and other multinational corporations seem to have developed.

The internet creates holes in the country borders which have historically determined which laws apply. The World Wide Web superimposes a different set of boundaries. Frequently, this means international borders, the laws of individual nation states or regional legislatures and judicial interpretation conflict with one another.

Ultimately it is a failure to develop an international consensus that is creating the problem.

To ensure security remains sensibly aligned and proportionate while providing data privacy, leading economies need to reach an agreement that enables them to act in a unified manner.

Until then, many businesses are likely to find public cloud services lack the privacy assurance they require.

Certainty about sovereignty with private cloud from HTL Support

For companies such as UK firms within scope of FCA regulation, private cloud solutions remain the best way to enjoy certainty over data sovereignty. HTL Support's private cloud solutions enable companies to get the benefits of cloud technology while avoiding the sticky issues around data held offshore, specifically the laws which may be applied, and who has legal access to it.

Our client’s private cloud infrastructure may employ a data centre on their site with data replicated for backup and disaster recovery purposes to as many as four widely dispersed UK sites. The sites are secured in compliance with ISO270001, meeting the regulatory requirement which may apply to UK financial services firms.

This contains the full story of how an Austrian citizen who challenged a US corporation storing his data in Ireland, went on to appeal the decision of Ireland’s data regulator to the European Court of Justice, which ruled Safe Harbour is invalid because US government mass surveillance violates fundamental rights… It’s complicated! Get certainty and simplicity with HTL Support.